uv-environment

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [Privilege Escalation] (LOW): The skill recommends using Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass. Although this bypasses a security policy, the impact is limited to the current process session and is a common requirement for activating Python virtual environments in PowerShell.
  • [Indirect Prompt Injection] (LOW): The skill acts on user-provided command outputs and project metadata (pyproject.toml), which could contain malicious instructions designed to influence the agent.
    • Ingestion points: Processes user-provided CLI output and environment information.
    • Boundary markers: Absent; the skill does not use delimiters to isolate untrusted data.
    • Capability inventory: Provides commands for uv sync (package installation) and uv run (code execution).
    • Sanitization: No explicit sanitization or validation of the provided output is performed before interpreting it.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 22, 2026, 04:41 AM